Posted
by
samzenpus
on Monday January 28, 2013 @01:15PM
from the stop-tracking-me-bro dept.

Dupple writes "After settling with the FTC, Google is under pressure again regarding user privacy. From the BBC: 'A group of Apple's Safari web browser users has launched a campaign against Google over privacy concerns. They claim that Google bypassed Safari's security settings to install cookies which tracked their movements on the internet. Between summer 2011 and spring 2012 they were assured by Google this was not the case, and believed Safari's settings to be secure. Judith Vidal-Hall, former editor of Index On Censorship magazine, is the first person in the UK to begin legal action. 'Google claims it does not collect personal data but doesn't say who decides what information is "personal,"' she said. 'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"

Have you seen those small "Share" and "Like" buttons all over the web?

Thats right, Facebook, Google, and others, see every time a browser downloads those buttons and which URL it was loaded from. It the user happens to be logged on to their service, they also see the user's identity.

In otherwords, Facebook, Google can track almost every user and page load on the web!

The news is that in the EU it's illegal to track users with cookies without their consent. Google went out of their way to circumvent the security settings on Safari, such that they tracked users even when they's said no. And then on top of that Google lied about it, saying they weren't doing so.

Because they can. The real problem here is that the browser cannot enforce its own security settings. The fact that Google is evil is beside the point. If I check a "don't track me" option in my browser then end up being tracked, my anger is directed toward the browser, not the tracker. Anything else doesn't make sense and is counter-productive.

Risky analogy: if my partner cheats on me, my anger should be directed toward my partner, not to anyone else (provided my partner cheated on me with someone who does

Have you seen those small "Share" and "Like" buttons all over the web?

Thats right, Facebook, Google, and others, see every time a browser downloads those buttons and which URL it was loaded from. It the user happens to be logged on to their service, they also see the user's identity.

In otherwords, Facebook, Google can track almost every user and page load on the web!

Maybe Google should start charging us for their services that we get for free... They have to make their money from something, if you don't like it don't use it. Also, anyone who honestly believes that a toggle in their browser is going to prevent them from being tracked on the open internet needs an education on how things really work in the real digital world.

Also, anyone who honestly believes that a toggle in their browser is going to prevent them from being tracked on the open internet needs an education on how things really work in the real digital world.

When the law says that the user shouldn't be tracked, then the user shouldn't be tracked. In an ideal world, Google shouldn't be going out of the way to circumvent those laws.

However, the law says that you must inform users they are being tracked.

Which is the case here.

It's an astroturf movement. Apple getting at Google for Android.

It was a similar faked outrage when *33* people complained about Attenborough's bit on a polar bear giving birth which was done in a zoo for the safety of the cameramen and the polar bears and described on the BBC web site for the program. But, because it dared say that AGW was a problem, the daily hate mail insisted this was AN OUTRAGE.

Manufactured.

PS to use the BBC website, you are required to accept cookies or the site won't work. Mostly for technical reasons, but you still have to allow cookies.

Yeah the Daily Fail tried to discredit Attenborough but all they did was drag their own reputation deeper down the gutter. Why? - Because Attenborough's persona and 50yr track record is such that people see his face and they know it's legit.

It wasn't legit. I don't know the Mail's take on the situation, I don't read it.

However, the BBC presented video from a zoo and implied it was in the wild. Attenborough should be ashamed for providing the voiceover, not try to defend it.

The problem was not that the BBC used footage from a zoo. The problem was that they deliberately tried to trick the viewer into thinking that the bear cubs filmed were in the wild. Just because they were open in saying that they did so after the event does not make it ok

I have the documentary in my collection, there is no "deliberate trickery". As the OP stated, it was a manufactured controversy intended to punish Attenborough for his views on AGW. You'd have to be a complete moron to fall for such a transparent attempt to assassinate his character.

However, the law says that you must inform users they are being tracked.

Which is the case here.

It's an astroturf movement. Apple getting at Google for Android.

[...] PS to use the BBC website, you are required to accept cookies or the site won't work. Mostly for technical reasons, but you still have to allow cookies.

They DO tell you "We use cookies" and that is all the law required.

It was a pretty useless law.

Amazing that your post is rated so how while being so wrong. First of all, there is no information to the user that they are being tracked. The BBC doesn't require you to allow third party cookies to work. Google and assorted Advertising scum does. And remind me why Google has to pay a record fine to the FTC for doing this [huffingtonpost.com] (which the summary so cleverly avoids telling by calling it a settlement)

I don't use Google services, and yet 99% of the websites on the 'net ping back to google-analytics.com informing them of every link I click on. Are you saying I should stop using the web completely?

This isn't about tracking people's use of Google's services, it is about tracking every single thing every single person does on the web. Apple added some privacy protection into Safari, and Google actively worked around it, bypassing the users' wishes to not be tracked.

Maybe Google should start charging us for their services that we get for free... They have to make their money from something

It's called "advertising". Though perhaps Google should charge users who use NoScript/ABP/etc. to block ads from Google and Google-owned companies like DoubleClick, AdMob, etc. (Google owns basically the entire online adversing companies - from their AdSense ads to the companies that do all the annoying popover/popunder/interstitials and such - all owned by Google).

Actually, I'd love it if Google offered a subscription-based, ad-free/tracking-free consumer version of their services. That's not much of a threat, I wish they'd start charging for services that we get for free.

They have to make their money from something, if you don't like it, don't use it.

The problem here is that people specifically set their browser in a way that said, "don't track me," and Google said, "Well, since you couldn't possibly have meant to exclude US with that setting, we'll just circumvent

Much as I can agree with the sentiment, we cannot allow every single consumer out there to dictate what constitutes privacy data. Perhaps google should publish what it deems as privacy information, and then allow the consumer to decide to play along or not.

Much as I can agree with the sentiment, we cannot allow every single consumer out there to dictate what constitutes privacy data. Perhaps google should publish what it deems as privacy information, and then allow the consumer to decide to play along or not.

I find Google far more forthcoming than most companies, and offering a much finer grained level of control.

I would also wager, that Judith Vidal-Hall has a facebook page, a Linkedin page. As far as I'm concerned, anyone signing up for either of those two services has abdicated all semblance of Privacy. Living in a country with CCTV cameras on every street corner, and a government hell bent on capturing every keystroke on your computer forever, how can she object if Google complies with her country's laws?

I would also wager, that Judith Vidal-Hall has a facebook page, a Linkedin page. As far as I'm concerned, anyone signing up for either of those two services has abdicated all semblance of Privacy.

A Judith Vidal-hall [facebook.com] is on Facebook, but provides no additional information to strangers. Despite the Slashdogma, it is possible to have a Facebook page and not spend your entire day posting your SSN and rapid status updates about what you ate for lunch and how it is propogating through your digestive system.

As far as I'm concerned, anyone making poorly educated sweeping generalizations based on bad stereotypes has abdicated all semblance of Trust on public forums.

Despite the Slashdogma, it is possible to have a Facebook page and not spend your entire day posting your SSN and rapid status updates about what you ate for lunch and how it is propogating through your digestive system.

That is not the default for FB and never was. You have to jump through hoops to set it up so that a small semblance of privacy (or more accurately the illusion of it) is maintained there. And every time they update something the privacy settings for that something is always "Show it to the w

I read that line and thought... great. Someone out there is going to think that their screen height is private and break every website that uses scroll effects. That's not a major loss, but what if they decided that the browser is private? People can't be allowed to determine everything that's private... can they?

Yes if only there was some sort of policy regarding privacy that sites like Google would make public... Something that was easy to find, perhaps right on the bottom of every page. Something that said something like Privacy & Terms [google.com] that you could simply click on to get information.

Yes if only there was some sort of policy regarding privacy that sites like Google would make public... Something that was easy to find, perhaps right on the bottom of every page. Something that said something like Privacy & Terms [google.com] that you could simply click on to get information.

Is the link to that page also on every webpage that Google uses it's third-party cookies on?

It could explain why the numbers don't match up with web stats or some people are just wasting their time with a smart phone. I wouldn't bother with a mobile phone at all if I couldn't use the internet every day. Even with my old G1 I'd surf Slashdot even if it was the worst possible way to view the site.

I mean ultimately its Safari's problem that Google could find a way to circumvent their privacy settings and write cookies to their user profile. If Safari was written properly then no website should be able to access private information or write to profile.

What is at fault here is the users thought Safari was secure, but Google found a way around the security. Its Safari's issue, period.

The entire Internet, including (especially, in this case) the WWW, is based on published specifications that describe how clients and servers are supposed to interact with each other. Some of these specifications relate to privacy. In particular, there is a thing called a "compact privacy policy" which is a very shorthand way of indicating many of the most salient points of a privacy policy in a machine-readable format. This is a published specification, part of the Platform for Privacy Preferences (P3P), d

Compact policies are summarized P3P policies that provide hints to user agents to enable the user agent to make quick, synchronous decisions about applying policy. Compact policies are a performance optimization that is OPTIONAL for either user agents or servers. User agents that are unable to obtain enough information from a compact policy to make a decision according to a user's preferences SHOULD fetch the full policy.

The text Google sends is obviously not a valid CPP, so the browser is incorrectly implementing an optional part of the spec to the detriment of the users.

They don't incorrectly add any of the defined compact tokens to the CP header. No correct implementation should be able to determine a policy from what is returned.

"'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"

Fulfilling the expectation that the internet surfer's privacy wishes are being honored is the job of a browser without security, not a massive corporation whose primary income source is targeted advertisements.

Since when is Google storing a cookie on your local computer the same as Google collecting data on you. Collecting, by its very definition, would mean that they are storing the data on their computer. Now, if Google then harvests the data stored locally and does something with it, that is a different story, but just having Google store a cookie, does not in and of itself mean that they are collecting personal data, even if the cookie contains personal data. If that were the case, then just about every webs